Debian

Debian by default, comes without a firewall tool. It does however include iptables which is what all the firewall tools use under the hood. You do have your pick of tools and shorewall and ufw are well regarded. But most experienced debian admins have settled upon just learning and using iptables directly, with the convention of employing iptables-persistent to mange saving and loading rules at boot time.

Presumptions:

Let's assume that we're going to allow the system and users on that system to initiate outbound connections without restrictions. While that is not the most secure, it good for flexibility and makes it so we only need to create inbound rules